GitHub is grappling with a significant breach stemming from a compromised Visual Studio Code extension. The incident highlights the escalating risks within the developer tooling supply chain.
Forget just securing the code repository. A seismic shift is underway, transforming developer workstations into the hottest new target for sophisticated supply chain attacks.
Linux developers, watch your backs. A new stealthy malware, dubbed Quasar Linux (QLNX), is slithering into development environments. This isn't your grandpa's virus; it's a sophisticated implant designed for long-term infiltration and credential theft.
The cybersecurity world braced for another supply chain assault, but GlassWorm's latest move in the OpenVSX ecosystem is a quiet, insidious evolution. They're no longer just dropping malware; they're planting seeds.
One pip install, and your AWS keys were gone. The LiteLLM attack shows developer laptops aren't just tools—they're attacker playgrounds loaded with plaintext secrets.